DETAILED ACTION

Response to Amendment 
This Office Action is in response to Applicants' Amendment and Request for Reconsideration
filed on November 1, 2004. Claims 1-22 are presented for further examination. Newly added 
claims 23-24 are presented for examination. 



Claim Rejections - 35 USC §103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Shi et al 
(hereinafter, "Shi", U.S. Pat. No. 5,875,296) in view of Wood et al (hereinafter, "Wood", U.S.
Pat. No. 6,668,322). 

As per claims 1, 10 and 19, Shi discloses a method, an article of manufacture and an 
apparatus for de-authenticating from a first web server security realm protected by an 
authentication scheme lacking a de-authentication operation, the method comprising: 

• attempting to access a first resource in a first security realm protected by the 
authentication scheme (abstract and col. 8, lines 32-46); 

• receiving a request for authentication credentials in response to said attempting to access 
the first resource (abstract and col. 8, lines 32-46); and 

• supplying said authentication credentials in response to the request so as to become
authenticated in the first security realm (abstract and col. 8, lines 32-46).

However, Shi does not explicitly disclose: 

• accessing a logout resource in the first security realm, said logout resource configured to 
automatically authenticate with a second security realm on accessing thereof. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses accessing a
logout resource in the first security realm, said logout resource configured to automatically
authenticate with a second security realm on accessing thereof.

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have incorporated Wood's teaching of an access management system and 
method employing secure credentials in which a single sign-on is used to control access to 
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only



Application/Control Number: 09/843,599 Page 4 

Art Unit: 2157 

requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claims 2, 11 and 20, Shi further discloses: 

• providing a common access point executing a web browser (abstract and col. 8, lines 32- 
46); and 

• first displaying a login web page of the second security realm so that a first user may 
authenticate with the first security realm and access the first resource, the login page 
comprising a login resource configured to perform said attempting to access the first 
resource (abstract and col. 8, lines 32-46); 

However, Shi does not explicitly disclose: 

• second displaying the login web page of the second security realm responsive to said 
accessing the logout resource so that a second user may authenticate with the first 
security realm and access the first resource. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses second
displaying the login web page of the second security realm responsive to said accessing the 
logout resource so that a second user may authenticate with the first security realm and access 
the first resource. 




Accordingly, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have incorporated Wood's teaching of an access management system and 
method employing secure credentials in which a single sign-on is used to control access to 
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claims 3 and 12, Shi discloses the invention substantially as claimed as discussed
above. 

However, Shi does not explicitly disclose: 

• wherein the logout resource executes a script configured to authenticate a user with the
second security realm. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses wherein the
logout resource executes a script configured to authenticate a user with the second security realm.

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to have incorporated Wood's teaching of an access management system and
method employing secure credentials in which a single sign-on is used to control access to
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claims 4 and 13, Shi discloses the invention substantially as claimed as discussed
above. 

However, Shi does not explicitly disclose:

• wherein the logout resource comprises a web page element comprising a link to the 
script; and 

• wherein the web page element incorporates authentication credentials for the second 
security realm so that the user need not provide authentication to access the second
security realm. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col.
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses wherein the
logout resource comprises a web page element comprising a link to the script and wherein the
web page element incorporates authentication credentials for the second security realm so that
the user need not provide authentication to access the second security realm.

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have incorporated Wood's teaching of an access management system and 
method employing secure credentials in which a single sign-on is used to control access to 
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claims 5 and 14, Shi discloses: 

• wherein the authentication scheme comprises HTTP basic authentication (abstract, col.
1, lines 10-17, lines 61-63 and col. 3, lines 17-21).

As per claims 6, 15 and 21, Shi discloses a method, an article of manufacture and an 
apparatus for de-authenticating from an HTTP basic authentication comprising: 

• attempting to access a first resource in a first security realm protected by HTTP basic
authentication (abstract and col. 8, lines 32-46); 

• responsive to said attempting to access, receiving an authentication request for 
controlling access to the first resource (abstract and col. 8, lines 32-46); 

• supplying authentication credentials responsive to said authentication request so as to 
authenticate with the first security realm (abstract and col. 8, lines 32-46); 

However, Shi does not explicitly disclose: 

• accessing a second resource in the first security realm; and 

• responsive to said accessing the second resource, automatically authenticating with a 
second security realm. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses accessing a 
second resource in the first security realm and responsive to said accessing the second resource, 
automatically authenticating with a second security realm. 

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have incorporated Wood's teaching of an access management system and 
method employing secure credentials in which a single sign-on is used to control access to 
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claims 7 and 16, Shi discloses: 

• wherein said authenticating with the second security realm invalidates a prior 
authentication with the first security realm (col. 9, lines 11-22).

As per claims 8 and 17, Shi further discloses: 

• displaying a login element within a web browser, the login element configured to access
the first resource upon activation thereof (abstract and col. 8, lines 32-46). 

As per claims 9, 18 and 22, Shi further discloses: 

a. authenticating a first user with the first security realm (col. 9, lines 11-22);

However, Shi does not explicitly disclose:

• displaying a logout element within the web browser for performing said automatically 
authenticating with the second security realm; and 

within a single browser session: 

b. authenticating the first user with the second security realm so as to de-authenticate 
the first user from the first security realm; and 

c. authenticating a second user with the first security realm. 

Wood discloses an access management system and method employing secure credentials in
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses displaying a 
logout element within the web browser for performing said automatically authenticating with the 
second security realm, authenticating the first user with the second security realm so as to
de-authenticate the first user from the first security realm and authenticating a second user with the
first security realm. 

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have incorporated Wood's teaching of an access management system and 
method employing secure credentials in which a single sign-on is used to control access to 
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claim 24, Shi discloses a de-authenticating method for a web browser, comprising: 

• accessing a first resource in a first security realm of the web server with the web
browser, the web browser automatically cache authentication credentials for a current 
security realm to which the web browser is authenticated (abstract and col. 8, lines 32- 
46); 

• receiving a request for authentication responsive to requesting the first resource 
(abstract and col. 8, lines 32-46); and 

• authenticating with the first security realm based at least in part on providing 
authentication credentials responsive to the request for authentication, so that the current 
security realm is the first security realm (abstract and col. 8, lines 32-46).

However, Shi does not explicitly disclose: 

• de-authenticating from the first web server security realm based at least in part on 
accessing a second resource of a second security realm different from the first resource 
of the first security realm, so that the current security realm changes from the first security
realm to the second security realm. 

Wood discloses an access management system and method employing secure credentials in 
which a single sign-on is used to control access to multiple domains for accessing one or more of 
enterprise applications or resources. Once authenticated in a domain, a user can later access (i.e. 
logout) the same or to another information resource without any additional authentication (col. 
15, lines 23-26 and col. 17, lines 20-29). Therefore, Wood implicitly discloses de-authenticating
from the first web server security realm based at least in part on accessing a second resource of a
second security realm different from the first resource of the first security realm, so that the
current security realm changes from the first security realm to the second security realm.

Accordingly, it would have been obvious to one of ordinary skill in the art at the time the
invention was made to have incorporated Wood's teaching of an access management system and
method employing secure credentials in which a single sign-on is used to control access to
multiple domains, for the purpose of allowing session credentials to be authenticated once in
order to access one or more information resources without the need of further login credentials
and authentication, which would improve the security of information transactions over a network
[see Wood, col. 1, lines 8-10, col. 2, lines 27-30 and lines 50-55]. Thus, Shi provides the
motivation to combine by utilizing a method of authenticating a web client to a web server(s) as
well as providing a distributed file system authentication scheme for web browsing that only
requires passing of a user id and password once [see Shi col. 2, lines 38-44 and col. 3, lines 40-46].

As per claim 24, Shi discloses, 

• wherein the web browser and the web server communicate using a stateless 
communication protocol (col. 4, lines 27-30). 

Response to Arguments 
3. Applicant's arguments with respect to claims 1-24 have been considered but are moot in
view of the new ground(s) of rejection. 

Conclusion



4. The prior art made of record and not relied upon is considered pertinent to applicant's
disclosure.



U.S. Pat. No. 6,339,423 to Sampson et al 
U.S. Pat. No. 6,601,171 to Carter et al 
U.S. Pat. No. 5,649,099 to Theimer et al 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to LaShonda T. Jacobs whose telephone number is 703-305-7494. 
The examiner can normally be reached on 8:30 AM - 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on 703-308-7562. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



LaShonda T. Jacobs 

Examiner 

Art Unit 2157 



Itj 

February 14, 2005 




SUPERVISORY PATENT EXAMINER

TECHNOLOGY CENTER 2100






